(54) Method of protecting electronically published materials using cryptographic protocols.

(57) The present invention is a method of protecting electronically published documents. It involves operating a computer system and network (9) for electronic publication of documents, including the steps of: a) receiving requests for documents from a plurality of users (117) having computers with display devices (121) or printers (123), including with the requests unique user identification for each of the plurality of users; b) authenticating the requests from the plurality of users with a copyright server (7); c) using the copyright server to direct a document server (3) to act upon proper authentication of each request; d) in response to direction from the copyright server, using a document server (7) to create uniquely encoded, compressed and encrypted documents for each authenticated request, the documents having unique encoding corresponding to each of the plurality of users, and forwarding the documents to each authenticated request user through the network (9) to corresponding agents of each authenticated request user, each of the agents being selected from display agents (111) and printer agents (113); and, e) decrypting and uncompressing the documents at each of the agents and making the documents available for use only in response to receiving correct secret keys provided by the authenticated request user to the agents. These agents are either pre-installed as software into each of the plurality of users' computers, pre-installed as hardware or firmware into user hardware selected from display devices and printers, or are software programs transmitted at the time of use.

FIELD OF THE INVENTION

The present invention relates to methods of protecting electronically published materials using cryptographic protocols. The invention also utilizes special "agents" of software or hardware to have individual requirements for display devices and/or printers to effect decryption and display or printing of the documents. These methods are directed to inhibiting illicit republication or copying of electronically published documents.

INFORMATION DISCLOSURE STATEMENT 

Cryptography and Identity Verification have been described in the prior art in conjunction with computer transmissions through networks. For example, United States Patent No. 4,393,269 describes a method of incorporating a one-way sequence for transaction and identity verification and United States Patent No. 4,995,082 sets forth a method of identifying subscribers and for generating and verifying electronic signatures in data exchange systems. United States Patent No. 5,144,665 describes a cryptographic communication method and system. Although these patents use cryptographic techniques and key identification and access methods, none teaches or suggests the system claimed herein which involves a combination of techniques to prevent illicit copying and to enhance tracing of original users.

SUMMARY OF THE INVENTION 

The present invention is a method of protecting electronically published documents. It involves operating a computer system and network for electronic publication of documents, including the steps of: a.) receiving requests for documents from a plurality of users having computers with display devices or printers, including with the requests unique user identification for each of the plurality of users; b.) authenticating the requests from the plurality of users with a copyright server; c.) using the copyright server to direct a document server to act upon proper authentication of each request; d.) in response to direction from the copyright server, using a document server to create uniquely encoded, compressed and encrypted documents for each authenticated request, the documents having unique encoding corresponding to each of the plurality of users, and forwarding the documents to each authenticated request user through the network to corresponding agents of each authenticated request user, each of the agents being selected from display agents and printer agents; and, e.) decrypting and uncompressing the documents at each of the agents and making the documents available for use only in response to receiving correct secret keys provided by the authenticated request user to the agents. These agents are either pre-installed as software into each of the plurality of users' computers, pre-installed as hardware or firmware into user hardware selected from display devices and printers, or are software programs transmitted at the time of use.

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will be more fully understood when the specification herein is taken in conjunction with the appended drawings, wherein:

Figure 1 illustrates a diagram of the overall architecture of the present invention method of protecting electronically published materials;
Figure 2 illustrates a specific architecture for a present invention method using specialty hardware; and,
Figure 3 illustrates a specific architecture for a present invention method using specialty software.

DETAILED DESCRIPTION OF THE PRESENT INVENTION

1. INTRODUCTION 

The increased use of facsimile has made the electronic transfer of paper documents more accepted. Electronic mail, electronic bulletin boards and large network systems make it possible to distribute electronic information to large groups. Moreover, the proliferation of personal computers and workstations, the excellent quality of desktop printers and the plummeting cost of storage devices for large volumes of electronic data have made it technologically feasible to display, print and store documents electronically. All of these developments have made electronic publishing a reality. The electronic distribution of information is faster, less expensive, and requires less effort than making paper copies and transporting them. Other factors that favor electronic information distribution include the ability to use a computer to search for specific information, and the ability to more easily customize what is being distributed to the recipients. Electronic newspapers, magazines and journals are poised to supplement and eventually replace the current paper distribution networks.

The advantages offered by electronic distributions are also among the primary technical impediments to the acceptance of electronic documents as a replacement for paper versions. One of the major technical and economic challenges faced by electronic publishing is that of preventing individuals from easily copying and illegally distributing electronic documents. It is easier for a person who receives an electronic document to forward it to a large group than it is for a person who receives a paper copy of the same document. In addition, electronic copies are more like the originals than paper copies. When an electronic copy is made, the original owner and the recipient have identical entities. Bootlegged copies of electronic documents are likely to result in major losses in revenue.

Thus, the present invention is directed to the use of cryptographic protocols to discourage or prevent the distribution of illicit electronic copies via any available distribution and presentation techniques, typically, using printers and display devices. The term "printer" as used herein is intended for broad interpretation so as to include mechanical and laser printers, facsimile machines, copiers, plotters, etc. Likewise, "display devices" should be broadly taken to include any device that displays documents in any form other than printed form. The present invention involves two alternative approaches to making electronic document distribution secure. In each case, the publisher encrypts the document with a secret key. In the first method, described in Section 3.1, special purpose hardware or firmware in the printers and display devices decrypts the document. The user only has access to the encrypted version of the document, which is not useful to anyone else.

In the second method, described in Section 3.2, the document is decrypted in software in the recipient's computer. Special purpose hardware or firmware is not required, but the bitmap is available to the user and can be distributed. In this strategy, the publisher encrypts the document, transmits the document in a page description language (hereinafter "PDL"), such as the well known PostScript language, and the decryption program produces a bitmap. The publisher can easily modify the inter-line or inter-word spacings in the PDL version of the document to make each copy of the document unique. There are two elements of this strategy that discourage the distribution of illegal copies:

1. Illegal copies, that are in violation of the copyright laws, can be traced back to the original owner.

2. The bitmap, or an easily compressed version of the bitmap, has more bits than the PDL version, so that it costs an illegal distributor more to transmit the document than it does the publisher.

This strategy also reduces the transmission cost to the publisher for unique document identification. The unique identifiers are easily removed from the PDL version, but not from the bitmap. Encryption makes it possible for the publisher to transmit the PDL version without giving the user access to it.

The cost of a processor that is capable of performing decryption is not large with respect to cost of printers and displays. Therefore, one should suspect that the first strategy will probably be used once electronic publishing catches on. However, until electronic publishing is used on a widespread basis, it is unlikely that output devices with internal decryption capabilities will exist. The second strategy may provide an acceptable means to achieve the purpose of the invention before specialty hardware is widely accepted. Although the second strategy just discourages illegal copying and does not prevent it, it makes a wider class of electronic publications possible. Once a reasonable set of electronic publications is available, special purpose hardware should become reasonable.

2. ARCHITECTURE 

The basic architecture for the distribution of electronic documents according to the present invention is shown in Figure 1. Here, Document Server 3 (trusted by a publisher) provides encoded, encrypted and compressed documents to User 17. Copyright Server 7 authenticates requests from User 17 for obtaining documents, and this is also trusted by a publisher. Display Agent 11 includes software trusted by a publisher which decrypts and displays the document obtained from Document Server 3. Printing Agent 13 includes software trusted by a publisher which decrypts and prints the document obtained from the Document Server. Either Display Agent 11 or Printing Agent 13, or both, or a plurality of these may be available to a user.

Network 9 transports document requests and documents to and from the other components. User 17 generates a signed request for a document and will need to provide a secret key to display or print a document.

3. PROPOSED EMBODIMENTS 

Two generally separate embodiments are proposed for making electronic document distribution secure. The first approach requires special purpose hardware for displaying or printing the electronic document, and may be more appropriate when the hardware technology progresses to the stage where such special purpose devices are inexpensive and easily available. The second approach utilizes display devices and printers that are available now. However, both protocols use the same basic architecture and method discussed before.

3.1 Example 1 

This first embodiment, shown in Figure 2, involves a straightforward application of cryptographic techniques to send encrypted information between a Document Server 103, which is trusted by the publisher, and a trusted Display Agent 111 and/or a trusted Printing Agent 113. The Display Agent 111 or Printing Agent 113, containing the secret key that is shared with the Copyright Server 107, resides within the special purpose display device 121 or printer 123 designed for electronic publishing. Thus, Agent means the necessary software, hardware, and/or firmware to decrypt only in response to specified inputs. These devices must be sealed so that it is not easy to make copies of the hardware or firmware that contains the secret key or keys.

When the User 117 wants to view or print a document, he must make a request for a document via network 109 by using a unique identification, such as a credit card number, or other relatively valuable number that a user would not be willing to give away to someone else for illicit purposes. The Copyright Server 107 will authenticate the User's request and then the Document Server 103 sends out an encrypted copy directly to the display device 121 or printer 123 available to User Space 115. This document is encrypted so that only a specific printer or display device can decrypt it. Since only an encrypted document is seen on the network, it is not possible for a malicious user to get at the document. Once the displayer or printer receives the encrypted document, the device decrypts it and displays or prints it. As another feature for some embodiments of the present invention, in order for the User to activate display or print functions, the User may be required to input to the Display or Print Agent, a unique identification number such as was used to make the initial request. In these embodiments, it is possible to prevent the distribution of illicit copies. The algorithm used in this method to encrypt information could be any standard algorithm, such as DES (a known private key system - Digital Encryption Standard). However, this approach requires special purpose displays and printers for electronic publishing, and so may be more appropriate when there is a sufficient set of services and users to justify such special purpose hardware. Such hardware is well within the skill of the artisan, but the economics based on low numbers of users would make it difficult to succeed commercially until widespread electronic publishing occurred.

3.2 Example 2 

In this second approach, cryptographic techniques that do not require special purpose hardware are used. The problem that is encountered when dealing with conventional displays and printers is that the information that is displayed or printed exists in the recipient's computer. The recipient can capture the information that will be displayed, and can distribute that information to as many other printers and displays as desired. Instead of trying to prevent the recipient from redistributing information, the objective will be to discourage the distribution of bootlegged copies.

In an earlier work, it was shown that the ability to custom tailor copies of the journal for each recipient could also be used to identify the original owner of a document. Information that identifies the original owner is encoded into the space between the lines and words of text or as part of unique shifting or changes in word, line and character features. The intention of the mechanism is to discourage individuals from distributing journals in violation of the copyright laws.
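
An added example (not from the patent or the earlier work it cites) of the line-spacing encoding described above and of tracing a recovered copy back to its subscriber. The 8-bit subscriber numbers, the 0.5-point shift, the PostScript-style moveto/show lines and all function names are assumptions; decoding compares each marked line with its unshifted neighbours, so it also works on baselines measured from a moved or uniformly scaled bitmap.

```python
import re

LEADING = 12.0  # nominal baseline-to-baseline distance in points (assumed)
SHIFT = 0.5     # displacement that carries one bit, in points (assumed)

def to_bits(subscriber_no, width=8):
    """Subscriber number as a fixed-width list of bits, most significant first."""
    return [(subscriber_no >> i) & 1 for i in reversed(range(width))]

def fingerprint_pdl(lines, bits, top=720.0):
    """Emit PostScript-style text in which every second line carries one bit.

    Odd-numbered lines are moved up (bit 1) or down (bit 0) by SHIFT; the
    even-numbered lines on either side stay put and act as references.
    """
    if len(lines) < 2 * len(bits) + 1:
        raise ValueError("document too short for this fingerprint")
    out = []
    for i, text in enumerate(lines):
        y = top - i * LEADING
        if i % 2 == 1 and i // 2 < len(bits):
            y += SHIFT if bits[i // 2] else -SHIFT
        out.append(f"72 {y:.2f} moveto ({text}) show")
    return "\n".join(out)

def read_baselines(pdl):
    """Baseline y coordinates, top to bottom, from the text emitted above."""
    return [float(y) for y in re.findall(r"^\S+ (\S+) moveto", pdl, re.M)]

def recover_bits(baselines, width=8):
    """Differential decoding: compare the gap above a marked line with the gap
    below it. Only their relation matters, so a copy that has been moved or
    uniformly scaled (a rendered or scanned bitmap) decodes the same way."""
    bits = []
    for i in range(1, 2 * width, 2):
        if i + 1 >= len(baselines):
            return None                      # not enough lines recovered
        above = baselines[i - 1] - baselines[i]
        below = baselines[i] - baselines[i + 1]
        if abs(above - below) < 0.01 * (above + below):
            return None                      # no shift here: copy is not marked
        bits.append(1 if above < below else 0)
    return bits

def trace(baselines, registry, width=8):
    """Map a recovered copy back to the subscriber it was issued to."""
    bits = recover_bits(baselines, width)
    if bits is None:
        return None
    number = int("".join(map(str, bits)), 2)
    return next((u for u, n in registry.items() if n == number), None)

if __name__ == "__main__":
    registry = {"alice": 0xA5, "bob": 0x3C}          # constructed sample data
    text = [f"sample article text, line {i}" for i in range(20)]
    issued = fingerprint_pdl(text, to_bits(registry["bob"]))
    scanned = [0.97 * y + 11.0 for y in read_baselines(issued)]  # moved, scaled
    print(trace(scanned, registry))
```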

A protocol is now described by which documents can be distributed electronically to the subscribers and the subscribers can be discouraged from distributing the documents electronically to non-subscribers. The algorithm used to encrypt information could be any standard algorithm, like RSA (an algorithm public key system which is well known - Revere Shamirez Algorithm). The present invention involves the novel application of cryptographic techniques to discourage the illegal distribution of electronic documents. Since this example does not require special purpose hardware, it is believed that this technique will help demonstrate the feasibility of electronic document distribution, and encourage new services in this area. Once there are enough users, special purpose hardware will be justified, and a simpler method like Example 1 may then be used successfully from a commercial standpoint.

3.2.1 Overview of the Protocol 

The protocol is discussed in conjunction with Figure 3 and works in the following phases:

1. Request Generation: user u requests a document by sending a signed message to Copyright Server 207 via Network 209, including document details.

2. Document Transmission: (a) the Copyright Server 207 verifies the request and if it is valid, it arranges to send the document from the Document Server 203, (b) Document Server 203 sends the encrypted and compressed PDL version of the document to the User 217. The document sent to user u is also encoded or finger-printed with some information unique to u. (Alternatively, this encoding or finger-printing of the document may be performed at the user end, e.g. by the user's printer or display device.) The Copyright Server 207 may also send the Display Agent 211 and the Printing Agent 213 to the User Space 215 at this stage.

3. Document Viewing or Printing: upon receiving a request to display (or print) the document, the Display Agent 211 or the Printing Agent 213 prompts the User 217 to type in his/her secret key, S_u, upon receiving which the agent decrypts and decompresses the received PDL document, generates a bitmap and sends it to the display device 221 or printer 223.

Details of the Protocol 

Hereinafter, d, c, and u refer to the Document Server, the Copyright Server and the User, respectively. It is assumed that each user u has a pair of public and secret keys P_u and S_u. In addition, the Document/Copyright Server will have a key M_x which will be used to encrypt the transmitted documents and which will be embedded in the Display and Printing Agents so that they can decrypt the received documents.

Request Generation: 

m_1(u,c) = [u, document info, E_{S_u}[u, document info]]

This is a signed message from user u to Copyright Server c requesting a document. Document information (like journal, title of article, authors, etc.) is sent together with the user ID, u. The user ID u helps the Copyright Server to look up the directory to find P_u, the public key of the user. In addition, the user signs the clear text with his/her secret key, S_u. Encryption E with S_u is needed to prevent malicious users from pretending to be who they are not, to prevent any tampering of the document request.

Document Transmission: 

Copyright Server receives m_1(u,c), looks up the directory for P_u, decrypts E_{S_u}[u, [document info]], and compares the clear text against the decrypted text. If they are identical, it sends a message rrhs to the Document Server to send the document m_3(d,u) to user. The Copyright Server also sends the Display Agent and the Printing Agent to the user as message m_2(c,u) at this stage. The Display Agent and the Printing Agent have embedded in them a key Φ, which is E_{P_u}[M_x], i.e. the key, encrypted with the public key P_u of the user.

m_2(c,u) = [[Display Agent], [Printing Agent]]
m_3(d,u) = E_{M_x}[[Compressed Document]]

The Display and Printing Agents are not encrypted because nobody other than a specific user u can use them for decrypting an encrypted document.

The document sent to the user is a compressed PDL version that is encrypted with M_x. Even if user u distributed the Display or Printing Agents, together with the encrypted document, it would be of no use unless the secret key S_u was divulged as well because the key M_x, with which the document is encrypted, cannot be generated from Φ without S_u.

Document Viewing or Printing: 

To view (or print) a document the Display (Printing) Agent first prompts the user for his secret key S_u. The embedded key Φ is decrypted with S_u to obtain the key M_x with which the compressed document is decrypted. This is further decompressed, converted to a bitmap and sent to the screen (printer).
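
The three messages and the agent's decryption step above, as an added Python example (not code from the patent). Textbook RSA over fixed Mersenne primes and a SHA-256 keystream are toy stand-ins for the "standard algorithm" the text leaves open, chosen so the example runs with the standard library alone. The request is signed over a SHA-256 digest rather than the raw text, and all function names and sample values are assumptions.

```python
import hashlib
import secrets
import zlib

E = 65537  # public exponent shared by all toy key pairs

def make_user_keys(p, q):
    """Textbook RSA from two primes: returns (P_u, S_u) as ((e, n), (d, n))."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def _digest(user_id, doc_info, n):
    data = f"{user_id}|{doc_info}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def make_request(user_id, doc_info, s_u):
    """m_1(u,c) = [u, document info, E_{S_u}[u, document info]]."""
    d, n = s_u
    return user_id, doc_info, pow(_digest(user_id, doc_info, n), d, n)

def verify_request(request, directory):
    """Copyright Server: find P_u by user ID, undo E_{S_u}, compare with clear text."""
    user_id, doc_info, signed = request
    if user_id not in directory:
        return False
    e, n = directory[user_id]
    return pow(signed, e, n) == _digest(user_id, doc_info, n)

def stream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (own inverse)."""
    key_bytes = key.to_bytes(128, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def serve_document(request, directory, document, m_x):
    """Returns (phi, m_3): phi = E_{P_u}[M_x], m_3 = E_{M_x}[compressed document]."""
    if not verify_request(request, directory):
        return None
    e, n = directory[request[0]]
    return pow(m_x, e, n), stream_xor(m_x, zlib.compress(document))

def agent_open(phi, m_3, s_u):
    """Display/Printing Agent: recover M_x from phi with S_u, decrypt, decompress."""
    d, n = s_u
    try:
        return zlib.decompress(stream_xor(pow(phi, d, n), m_3))
    except zlib.error:
        return None  # wrong S_u gives a wrong M_x, so the stream is not valid zlib

# Constructed sample data: Mersenne primes keep the toy keys short to write down.
ALICE_PUB, ALICE_SEC = make_user_keys(2**107 - 1, 2**127 - 1)
BOB_PUB, BOB_SEC = make_user_keys(2**89 - 1, 2**521 - 1)
DIRECTORY = {"alice": ALICE_PUB, "bob": BOB_PUB}
M_X = secrets.randbits(128) | (1 << 127)   # publisher's document key
DOCUMENT = b"72 720 moveto (sample article text) show\n" * 40

if __name__ == "__main__":
    req = make_request("alice", "Journal X, article 7", ALICE_SEC)
    phi, m_3 = serve_document(req, DIRECTORY, DOCUMENT, M_X)
    print("alice opens it:", agent_open(phi, m_3, ALICE_SEC) == DOCUMENT)
    print("bob with alice's agent and document:", agent_open(phi, m_3, BOB_SEC))
```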



The above protocol will allow a legitimate user to request a document and view it on his/her terminal/workstation as many times as desired. However, it will prevent an illegal user from doing the same even if he/she happens to copy the Display/Printing Agents and the encrypted document from the legal user. The underlying assumption in the protocol is that the user's secret key, S_u, is too important for the user to give up. If the secret key is the same as used for electronic mail signatures, system login or credit-card purchases, there is a strong disincentive to giving it away to others.

Additional precautions can be built in by somehow restricting the document to be displayed or printed on some pre-registered hardware. But this is not desirable as it will tie down the user to specific machines and restrict his/her mobility.

Once the document has been decrypted and decompressed, it is available as a bitmap in the user's computer. Recall that (1) the bitmap is finger-printed with information specific to user u, and (2) the bitmap is much larger than the compressed PDL version of document transmitted by the publisher. So, even if the user is willing to capture and transmit the much larger bitmap file, the user can only do it at the risk of incriminating himself, unless the user makes the significantly larger effort required to erase the finger-print from the bitmap.

3.2.2. Use-Once Programs as a Key-Hiding Mechanism

As pointed out in Example 2, critical programs are required to be executed under the user control to display and print documents. For example, there is a display or printing agent which is a trusted program with the publisher's magic key M_x hidden in it. During execution, the display (printing) agent picks up E_{S_u}[M_x] from the right location, decrypts it using S_u provided by the user u and uses it to decrypt the encrypted document. Note that if the user can discover M_x by analyzing the code for display (printing) agent and stopping the execution at the right point, then the whole purpose of sending encrypted documents is defeated. Since this kind of reverse engineering cannot be completely prevented, the payoff of reverse engineering is reduced by sending trusted programs that do the same job but look different for each user. If documents and Display/Printing agents are distributed through networks, it is relatively easy to generate a unique copy for each recipient.

The use of use-once programs also has the advantage that the origin of program can be readily traced. Modifying a binary executable to create another working program requires a deep understanding of the program structure and any self-protection mechanisms (checksums) a program may employ. Compared to protecting printed articles, identifying programs is relatively easy.

For example, four different levels of security may be used:

1. all users have the same Display/Printing Agents containing an algorithm that derives a key from a system identifier;

2. the Display/Printing Agents are sent once (or at some time interval but unique for each user);

3. the Display/Printing Agents are the same for each document and are transmitted with each document;

4. the Display/Printing Agents are unique and are transmitted with each document.

A number of techniques can be used for creating unique, but equivalent programs automatically at the compile or link stage. For example:

(1) the linker can reorder text and data segments;

(2) the compiler can be instructed to randomly optimize certain sections of code;

(3) sections of the code can be replaced by functionally equivalent different algorithms and,

(4) the compiler can change the register allocation sequence.

Note that more elaborate arrangements for protecting RAM access patterns and contents may be added, at the cost of reduced execution efficiency. In addition, standard techniques of hiding tell-tale code sequences (such as replacing system calls to constant addresses by computed calls) should be used.

Obviously, numerous modifications and variations of the present invention are possible in light of the above teachings. It is therefore understood that within the scope of the appended claims, the invention may be practiced otherwise than as specifically described herein.



Claims 

1. A method of protecting electronically published documents, which comprises:

operating a computer system and network for electronic publication of documents, and including therein the steps of:

a.) receiving requests for documents from a plurality of users having computers with display devices or printers, said computers being connected by said network to said computer system, said requests including unique user identification for each of said plurality of users;

b.) authenticating said requests from said plurality of users with a copyright server;

c.) using said copyright server to direct a document server to act upon proper authentication of each request;

d.) in response to direction from said copyright server, using a document server to create encrypted documents along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents of each authenticated request user, each of said agents being selected from display agents and printer agents;

e.) encoding said documents so that each document created is uniquely encoded based upon said unique identification; and,

f.) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents.

2. The method of claim 1 wherein said document server also compresses said documents and said agents uncompress said documents in response to receiving a correct secret key provided by said authenticated request user.

3. The method of claim 1 wherein said plurality of users have the same agents that use an algorithm that derives a key from a system identifier to allow decryption and display in subsequent response to a unique, correct user secret key.

4. The method of claim 1 wherein said plurality of users receive agents with each document forwarded, all such agents being the same for a given document and different from publication to publication.

5. The method of claim 1 wherein said plurality of users receive agents with each document forwarded, all such agents being different from one another.

6. A method of protecting electronically published documents, which comprises:

operating a computer system and network for electronic publication of documents and including therein, the steps of:

(a) receiving requests for documents from a plurality of users having computers with display devices or printers, said computers being connected by said network to said computer system, said requests including unique user identification for each of said plurality of users;

(b) authenticating said requests from said plurality of users with a copyright server;

(c) using said copyright server to direct a document server to act upon proper authentication of each request;

(d) in response to direction from said copy- 